We continue to introduce new transactions and functionality through the
NaviNet web portal that offer you increased access to patient-specific clinical
and financial information. As such, we want to remind you of the importance of
the role and responsibility of your designated NaviNet Security Officer.
What is a NaviNet Security Officer?
The NaviNet Security Officer is your office?s primary contact with NaviNet
regarding security issues with the portal. NaviNet-enabled offices must have at
least one NaviNet Security Officer designated. The Security Officer also
interacts with NaviNet users in your office and with NaviNet Customer Support
to ensure that users are getting the most out of NaviNet.
The Health Insurance Portability and Accountability Act (HIPAA) mandates
that each provider office designate a Security Officer to be aware of the
electronic storage and transmission of patient information within and from your
office. This person can also take the role of the NaviNet Security Officer.
Why does NaviNet require Security
Officers?
NaviNet is not like a general public website (e.g., Amazon or eBay) where
anyone can elect to register themselves for access. NaviNet retrieves
patient-specific information from health plans that providers are required to
protect under HIPAA. NaviNet users must have a specific, legitimate reason to
access this information, and NaviNet verifies that each office is an actual
provider. Each office is responsible for setting their own user accounts, and
the Security Officer is the individual who has the authority to create those
user accounts on behalf of the office.
What are the roles and responsibilities of a
NaviNet Security Officer?
A NaviNet Security Officer is responsible for making sure that NaviNet is
used in a HIPAA-compliant way. He or she is also responsible for configuring
providers, users, and permissions so the office can use NaviNet effectively as
well as efficiently.
To fulfill these responsibilities, the Security Officer undertakes several
special tasks, including:
- ensuring that every staff member who accesses NaviNet has his or her own
unique user name and password;
- ensuring that user names and passwords are not shared with anyone else in
the office;
- adding, reactivating, deactivating, and terminating NaviNet users in the
office, when appropriate;
- resetting user passwords for staff members who forget their passwords
and/or the answers to their challenge and response questions;
- changing the amount of time before NaviNet automatically logs off from an
inactive session;
- notifying NaviNet if someone else takes on the Security Officer role for
the office;
- setting transaction permissions for individual users;
- making sure the office is registered to all applicable health plans;
- making sure the office has the right tax ID numbers, groups, and providers
available for NaviNet transactions.
Who in your office should be the NaviNet
Security Officer?
Your office management should select at least one user who takes on the
NaviNet Security Officer role. He or she should be a trusted individual, as he
or she will be giving other users access to protected health information.
Typically, NaviNet Security Officers are office supervisors, lead
administrators, experienced NaviNet users, or members from IT or the
Privacy/Security department.
You may consider having two Security Officers designated, with one as
backup, especially if you are in a larger office. We also recommend that
NaviNet Security Officers use NaviNet on a regular basis in order to be able to
provide the appropriate support to users in the office.
For more detailed information on common Security Officer tasks, as well as
best practices, please select Help at the top of NaviNet Plan Central
and then the Security Officers tab.
NaviNet is a registered trademark of NaviNet, Inc., an
independent company.